Category Archives: attachment

PHPMailer & XAMPP uploaded files within /temp have ‘no-access’

I'm using PHPMailer's multiple attachments example which can be found here: https://github.com/PHPMailer/PHPMailer/blob/master/examples/send_multiple_file_upload.phps

So far the emails are sent, except the attachments which aren't actually received and when the form is submitted I get the following errors

move_uploaded_file(): Filename cannot be empty in /Applications/XAMPP/xamppfiles/htdocs/project/send.php
move_uploaded_file(): Unable to move '/Applications/XAMPP/xamppfiles/temp/phpB5LKBM' to '' in /Applications/XAMPP/xamppfiles/htdocs/

I visited the /temp directory in XAMPP and every time I submit the forms, files are added but they all have 'no access' set.

I think it's a permissions issue and I have not idea how to fix this. Is there a function that uploads the files with accessible permissions?

PHPMailer & XAMPP uploaded files within /temp have ‘no-access’

I'm using PHPMailer's multiple attachments example which can be found here: https://github.com/PHPMailer/PHPMailer/blob/master/examples/send_multiple_file_upload.phps

So far the emails are sent, except the attachments which aren't actually received and when the form is submitted I get the following errors

move_uploaded_file(): Filename cannot be empty in /Applications/XAMPP/xamppfiles/htdocs/project/send.php
move_uploaded_file(): Unable to move '/Applications/XAMPP/xamppfiles/temp/phpB5LKBM' to '' in /Applications/XAMPP/xamppfiles/htdocs/

I visited the /temp directory in XAMPP and every time I submit the forms, files are added but they all have 'no access' set. I don't know if this is the real cause of the errors, but it would make sense.

for ($ct = 0; $ct < count($_FILES['userfile']['tmp_name']); $ct++) {
    $uploadfile = tempnam(sys_get_temp_dir(), sha1($_FILES['userfile']['name'][$ct]));
    $filename = $_FILES['userfile']['name'][$ct];
    if (move_uploaded_file($_FILES['userfile']['tmp_name'][$ct], $uploadfile)) {
        $mail->addAttachment($uploadfile, $filename);
    } else {
        $msg .= 'Failed to move file to ' . $uploadfile;
    }
}

I used the following code from this post:http://stackoverflow.com/a/10975261/3758078 to check if the directory is writable.

$tmpdir = sys_get_temp_dir();
echo "Temp dir: $tmpdir\n";
echo  is_writable($tmpdir) ? "Temp dir is writable" : "Temp dir is not writable";

This is returned

/var/folders/17/xcd1g85n4tz5tssq86s_0ztm0000gn/T Temp dir is not writable

So I guess that is the cause, the temp directory isn't writable.

Deny access to uploads directory from all from remote access in Invision Board forum software

I am using Invision Board v4.

I want all the users to be able to see their images that are attached to their topics only form within the forum software (i.e. when vieweing the topics).

Example: In a topic there is an attachment that has a source link like http://www.example.com/uploads/image1.jpg . I want it to be shown if i am reading a topic but i dont want to b able to access it if i type the url in the browser.

I made some tries with .htaccess in the uploads directory but with no luck. I tried adding

Deny form all
Allow from 127.0.0.1
Allow from ::1 

but no luck.

Is this even possible?

wordpress rss file attachement ( dont display, just download )

Hye

I have a new problem with my Wordpress. When I try to access to my RSS feed this one is automaticly downloaded. ( and I just want to see it )

I use Firefox and dont have this problem on other sites (Wp or not)

So, I try to modify the .httacess file ( add MIME and attachment )

You can try http://news.vincent-bonnefille.fr/feed/ ! I cant figure where is the bug. I disable all my plugins. Do you already saw that ?

Thank you

Rename file attachment in htaccess

I would like to rename requested file by GET param.

So when I call: (...)media/models/admin_test/1/image?filename=blabla.png

It should set name of requested file to "blabla.png"

I tried this one:

SetEnvIf Query_String "\?filename=(.+)$" FILENAME=$1
Header set Content-Type application/octet-stream
Header set Content-Disposition "attachment; filename=%{FILENAME}e"
UnsetEnv FILENAME

But I get (null) as name. Any suggestions?

How to block users from downloading an attachment of a timed WordPress -post before article goes live?

My current solution is to use htaccess to block the uploads archive, so visitors cannot browse them and thus see a new file before its released. Also if the client gives a hard-to-guess names to the attachments then users will not be able to get to them without knowing the exact name (right?)

.htaccess:

Options -Indexes

My questions:

  1. On a scale of 1-10, how easy my current solution is to hack? Is it possible to make this solution relatively safe

  2. Is there another safer solution for this? could a plugin be developed to transfer the file from a safe place when article gets released

  3. Can ANY solution where the attachment is on the server/inside WordPress -uploads be a safe solution?

  4. Is there a third party solution for this? Like service that could release documents at specific time

thanks!

EDIT: Also interested in why this is not safe, and how this solution could be cracked.